| Message ID | 20220513194048.476326-1-namhyung@kernel.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | d951e794d05ea0fb4464af5abab0d680ad1baa5e |
| Headers | show |
| Series | libtraceevent: Check type string length in eval_type_str() | expand |
diff --git a/src/event-parse.c b/src/event-parse.c index f862f49..e4b337c 100644 --- a/src/event-parse.c +++ b/src/event-parse.c @@ -2437,6 +2437,10 @@ eval_type_str(unsigned long long val, const char *type, int pointer) int len; len = strlen(type); + if (len < 2) { + do_warning("invalid type: %s", type); + return val; + } if (pointer) {
The pointer type check unconditionally accesses len - 2 and it could be a problem when the given type string broken or malicious. Also the shortest supported type length is 2 (s8 and u8). So let's check the length first to prevent invalid access. Actually this was found in a fuzzer test. Signed-off-by: Namhyung Kim <namhyung@kernel.org> --- src/event-parse.c | 4 ++++ 1 file changed, 4 insertions(+)